]> git.ipfire.org Git - thirdparty/util-linux.git/commitdiff
projects / thirdparty / util-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4e8a8d3)
libblkid: jfs - avoid undefined shift
authorMilan Broz <gmazyland@gmail.com>
Thu, 27 Oct 2022 14:05:35 +0000 (16:05 +0200)
committerMilan Broz <gmazyland@gmail.com>
Thu, 27 Oct 2022 14:05:35 +0000 (16:05 +0200)
JFS probe can use undefined shift if stored log2 of block
size is a bogus value. Avoid this by limiting shift size.

Reproducer found with OSS-Fuzz (issue 52643) running over
cryptsetup project (blkid is used in header init).

Signed-off-by: Milan Broz <gmazyland@gmail.com>
libblkid/src/superblocks/jfs.c patch | blob | blame | history

diff --git a/libblkid/src/superblocks/jfs.c b/libblkid/src/superblocks/jfs.c
index e22467246cdc6a47e7134b84c222031663cfe86b..1b545c7d5077bae892fff1b7df542535df033314 100644 (file)
--- a/libblkid/src/superblocks/jfs.c
+++ b/libblkid/src/superblocks/jfs.c
@@ -41,6 +41,8 @@ static int probe_jfs(blkid_probe pr, const struct blkid_idmag *mag)
        js = blkid_probe_get_sb(pr, mag, struct jfs_super_block);
        if (!js)
                return errno ? -errno : 1;
+       if (le16_to_cpu(js->js_l2bsize) > 32 || le16_to_cpu(js->js_l2pbsize) > 32)
+               return 1;
        if (le32_to_cpu(js->js_bsize) != (1U << le16_to_cpu(js->js_l2bsize)))
                return 1;
        if (le32_to_cpu(js->js_pbsize) != (1U << le16_to_cpu(js->js_l2pbsize)))
Unnamed repository; edit this file 'description' to name the repository.